Companies Facing Likely Fraud to be Connected to Breached Data by a Startup

05/09/2016

The rising instances of data breaches is driving defenders to seek new ways to connect the dots and stop secondary crimes sooner even as the continuing parade of mass data breaches increases the opportunities for miscreants to use grabbed credentials for all manner of fraud.

The Dark Web, where criminals trade or sell large quantities of stolen credit card data and most other imaginable categories of personal information is being crawled by companies like Baltimore's Terbium Labs who have professionalized the crawling activity.

Going beyond credit monitoring and reporting additional information to consumers is the trait of companies like the Austin-based AllClear ID, formerly known as Debix, and a number of other companies who go a step beyond credit monitoring. One of its services alerts subscribers if material about them shows up after the services looks for breached data turned over to the FBI-affiliated National Cyber-Forensics & Training Alliance.

A third way at cyber security - allowing banks and other potential fraud magnets to see if their customers are involved and have accounts more likely to be targeted after the systems collect breached data directly from the companies that were hit, would be tried and initiated by an Austin startup starting from Monday.

Charging those most likely to be hit with follow-on fraud for access to information that reduces their risk is the primary idea behind the system and what is being dubbed the Compromised Identity Exchange.

Companies that have been breached can feel that they have done more than most to protect their customers or employees by heading off future fraud that might hurt them and additionally such companies would not pay anything to hand over the data that was stolen.

A company XOR Data Exchange claims that it can produce useful data faster by hearing from the victims instead of trolling the Dark Web, where it may already be too late by the time it appears and this company is running this service.

Waiting for the people exposed to opt in, as they must for credit monitoring or the system may also allow breached companies to share the sensitive information without changing their privacy policies due to heavy security on the data, XOR says.